Drupal is a registered trademark of Dries Buytaert
drupal 11.3.7 Update released for Drupal core (11.3.7)! drupal 11.2.11 Update released for Drupal core (11.2.11)! drupal 10.6.7 Update released for Drupal core (10.6.7)! drupal 10.5.9 Update released for Drupal core (10.5.9)! cms 2.1.1 Update released for Drupal core (2.1.1)! drupal 11.3.6 Update released for Drupal core (11.3.6)! drupal 10.6.6 Update released for Drupal core (10.6.6)! cms 2.1.0 Update released for Drupal core (2.1.0)! bootstrap 8.x-3.40 Minor update available for theme bootstrap (8.x-3.40). menu_link_attributes 8.x-1.7 Minor update available for module menu_link_attributes (8.x-1.7). eca 3.1.1 Minor update available for module eca (3.1.1). layout_paragraphs 2.1.3 Minor update available for module layout_paragraphs (2.1.3). ai 1.3.3 Minor update available for module ai (1.3.3). ai 1.2.14 Minor update available for module ai (1.2.14). node_revision_delete 2.0.3 Minor update available for module node_revision_delete (2.0.3). moderated_content_bulk_publish 2.0.52 Minor update available for module moderated_content_bulk_publish (2.0.52). klaro 3.0.10 Minor update available for module klaro (3.0.10). klaro 3.0.9 Minor update available for module klaro (3.0.9). layout_paragraphs 2.1.2 Minor update available for module layout_paragraphs (2.1.2). geofield_map 11.1.8 Minor update available for module geofield_map (11.1.8).
← All modules

bot_blocker

99 sites Security covered
View on drupal.org

This module will allow site admins to block requests based on:

  • Sub strings that occur in the user agent of the request.
  • Older browser versions.

If you have a site that is being excessively crawled on search pages that include facets, see the Facet Bot Blocker module.

Wondering what versions of browsers to block? There is no "one size fits all" answer to that, and should be decided as a matter of your organization's policy, and what your tolerance for false positives is, Vs. need to avoid increased hosting costs from bot traffic. The maintainer of this module has generated an analysis of historic traffic of browser versions. The general conclusion is more nuanced than you may realize. There are legitimate reasons why a request may have an older user agent (Safari versions pinned to OS, the last supported versions for Windows 7, which may still be in use, despite end of support.

As the disclaimer mentions in the Facet Bot Blocker module, this module should be considered a last line of defense, if no other options are available to you. It is generally better to implement bot mitigation tools in a CDN/WAF layer instead.

2.0.x version

There is now a 2.0.x branch available, which takes a new "threat detection" approach by looking at more data points to identify bots. Feedback is welcome on this branch, and the plan is to tag a release after the community has had to review it.

Activity

Total releases
2
First release
Jul 2025
Latest release
1 month ago
Release cadence
246 days
Stability
100% stable

Releases

Version Type Release date
1.0.1 Stable Mar 6, 2026
1.0.0 Stable Jul 3, 2025